ID

VAR-201011-0019


CVE

CVE-2010-4008


TITLE

xmlsoft libxml Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201011-190

DESCRIPTION

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

The 'libxml2' library is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a specially crafted XML file. A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition. 'libxml2' versions prior to 2.7.8 are affected.

Google Chrome is an open source web browser released by Google. Libxml2 is a C language-based function library for parsing XML documents developed by the GNOME project team. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. A remote attacker could use vectors related to XPath processing to cause a denial of service or possibly other unspecified effects.

Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

6) - i386, x86_64 3. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

This update also fixes the following bugs:

* A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion.

The desktop must be restarted (log out, then log back in) for this update to take effect.

TITLE: Libxml2 XPath Double Free Vulnerability

SECUNIA ADVISORY ID: SA42721

VERIFY ADVISORY: http://secunia.com/advisories/42721/

RELEASE DATE: 2010-12-28

DESCRIPTION: A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #11: SA42472 The vulnerability is reported in version 2.7.8.

SOLUTION: Do not process untrusted XML content using the library.

PROVIDED AND/OR DISCOVERED BY: Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

ORIGINAL ADVISORY: http://code.google.com/p/chromium/issues/detail?id=63444
The advisory will be updated when a patch is available.

Summary

VMware ESX updates to ESX Service Console.

Relevant releases

ESX 4.1 without patches ESX410-201204401-SG, ESX410-201204402-SG

3. Problem Description

a. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  ===================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201204401-SG
ESX            4.0       ESX      patch pending **
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

** Two of the three issues, CVE-2011-3191 and CVE-2011-4348, have already been addressed on ESX 4.0 in an earlier kernel patch. See VMSA-2012-0006 for details.

b. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  ===================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201204402-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESX 4.1
-------
ESX410-201204001
md5sum: 7994635547b375b51422b1a166c6e214
sha1sum: 9d5f3c9cbc53a9e03524b9bf0935c71f3dadf620
http://kb.vmware.com/kb/2013057

ESX410-201204001 contains ESX410-201204401-SG and ESX410-201204402-SG

5. Change log

2012-04-26 VMSA-2012-0008 Initial security advisory in conjunction with the release of patches for ESX 4.1 on 2012-04-26.

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories: http://www.vmware.com/security/advisories
VMware security response policy: http://www.vmware.com/support/policies/security_response.html
General support life cycle policy: http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy: http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.
Red Hat Security Advisory

Synopsis: Important: mingw32-libxml2 security update
Advisory ID: RHSA-2013:0217-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html
Issue date: 2013-01-31
CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134

1. Summary:

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm

noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm

noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm

noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm

noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4008.html
https://www.redhat.com/security/data/cve/CVE-2010-4494.html
https://www.redhat.com/security/data/cve/CVE-2011-0216.html
https://www.redhat.com/security/data/cve/CVE-2011-1944.html
https://www.redhat.com/security/data/cve/CVE-2011-2821.html
https://www.redhat.com/security/data/cve/CVE-2011-2834.html
https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2011-3905.html
https://www.redhat.com/security/data/cve/CVE-2011-3919.html
https://www.redhat.com/security/data/cve/CVE-2012-0841.html
https://www.redhat.com/security/data/cve/CVE-2012-5134.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Trust: 1.89

sources: NVD: CVE-2010-4008 // BID: 44779 // VULHUB: VHN-46613 // VULHUB: VHN-47099 // PACKETSTORM: 96193 // PACKETSTORM: 107571 // PACKETSTORM: 97104 // PACKETSTORM: 114714 // PACKETSTORM: 112296 // PACKETSTORM: 119960

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:mac os xscope:ltversion:10.6.7

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:apachemodel:openofficescope:lteversion:2.4.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:6.06

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.3

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.7.8

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:4.2

Trust: 1.0

vendor:googlemodel:chromescope:ltversion:7.0.517.44

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.3

Trust: 1.0

vendor:apachemodel:openofficescope:ltversion:3.3.0

Trust: 1.0

vendor:apachemodel:openofficescope:gteversion:3.0.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.2

Trust: 1.0

vendor:apachemodel:openofficescope:gteversion:2.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:10.2

Trust: 1.0

vendor:applemodel:safariscope:ltversion:5.0.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.13

Trust: 0.9

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.14

Trust: 0.9

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.26

Trust: 0.9

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.2

Trust: 0.9

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.12

Trust: 0.9

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.26

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.29

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.30

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.28

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.19

Trust: 0.6

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:susemodel:linux enterprise sp3scope:eqversion:10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.50

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.47255

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.30

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.2

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.57

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:neversion:2.7.8

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.51

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:googlemodel:chromescope:neversion:7.0.517.44

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.46

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.102

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:lotus symphonyscope:eqversion:3.0.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.49

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.16

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.7

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.1

Trust: 0.3

vendor:redmodel:hat enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.41

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.61

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.42

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.54

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:susemodel:linux enterprise sp1scope:eqversion:11

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.40

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.9

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:ibmmodel:lotus symphony fpscope:neversion:3.0.02

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.59

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.62

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.31

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.11

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.48

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.4

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.45

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.60

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.44

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.15

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.43

Trust: 0.3

vendor:avayamodel:aura conferencing sp1 standardscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:4.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:redmodel:hat enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.52

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.58

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:susemodel:linux enterprisescope:eqversion:11

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:lotus symphony fpscope:eqversion:3.0.01

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.47

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.53

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:7.0.517.41

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.7

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:6.0.472.56

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:9.10

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.7

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.1

Trust: 0.3

sources: BID: 44779 // CNNVD: CNNVD-201011-190 // NVD: CVE-2010-4008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4008
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201011-190
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46613
value: MEDIUM

Trust: 0.1

VULHUB: VHN-47099
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-4008
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-46613
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-47099
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46613 // VULHUB: VHN-47099 // CNNVD: CNNVD-201011-190 // NVD: CVE-2010-4008

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-399

Trust: 0.1

problemtype:CWE-415

Trust: 0.1

sources: VULHUB: VHN-46613 // VULHUB: VHN-47099 // NVD: CVE-2010-4008

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 107571 // CNNVD: CNNVD-201011-190

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201011-190

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-46613

PATCH

title:LATEST_LIBXML2_IS_2.7.8url:http://123.124.177.30/web/xxk/bdxqById.tag?id=35120

Trust: 0.6

title:libxml2-sources-2.7.8url:http://123.124.177.30/web/xxk/bdxqById.tag?id=35122

Trust: 0.6

title:libxml2-2.7.8url:http://123.124.177.30/web/xxk/bdxqById.tag?id=35121

Trust: 0.6

title:libxml2-tests-2.7.8url:http://123.124.177.30/web/xxk/bdxqById.tag?id=35123

Trust: 0.6

sources: CNNVD: CNNVD-201011-190

EXTERNAL IDS

db:NVDid:CVE-2010-4008

Trust: 2.6

db:BIDid:44779

Trust: 2.0

db:SECUNIAid:40775

Trust: 1.8

db:VUPENid:ADV-2011-0230

Trust: 1.8

db:SECUNIAid:42314

Trust: 1.7

db:SECUNIAid:42175

Trust: 1.7

db:SECUNIAid:42429

Trust: 1.7

db:SECUNIAid:42109

Trust: 1.7

db:VUPENid:ADV-2010-3076

Trust: 1.7

db:VUPENid:ADV-2010-3100

Trust: 1.7

db:VUPENid:ADV-2010-3046

Trust: 1.7

db:CNNVDid:CNNVD-201011-190

Trust: 0.7

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:PACKETSTORMid:114714

Trust: 0.2

db:PACKETSTORMid:119960

Trust: 0.2

db:PACKETSTORMid:96193

Trust: 0.2

db:PACKETSTORMid:112296

Trust: 0.2

db:PACKETSTORMid:107571

Trust: 0.2

db:SECUNIAid:42721

Trust: 0.2

db:PACKETSTORMid:96298

Trust: 0.1

db:PACKETSTORMid:106277

Trust: 0.1

db:PACKETSTORMid:95740

Trust: 0.1

db:PACKETSTORMid:125636

Trust: 0.1

db:PACKETSTORMid:108587

Trust: 0.1

db:VULHUBid:VHN-46613

Trust: 0.1

db:SECUNIAid:42762

Trust: 0.1

db:SECUNIAid:42472

Trust: 0.1

db:PACKETSTORMid:97048

Trust: 0.1

db:PACKETSTORMid:97155

Trust: 0.1

db:CNNVDid:CNNVD-201012-090

Trust: 0.1

db:VUPENid:ADV-2010-3336

Trust: 0.1

db:VUPENid:ADV-2010-3319

Trust: 0.1

db:BIDid:45617

Trust: 0.1

db:VULHUBid:VHN-47099

Trust: 0.1

db:PACKETSTORMid:97104

Trust: 0.1

sources: VULHUB: VHN-46613 // VULHUB: VHN-47099 // BID: 44779 // PACKETSTORM: 96193 // PACKETSTORM: 107571 // PACKETSTORM: 97104 // PACKETSTORM: 114714 // PACKETSTORM: 112296 // PACKETSTORM: 119960 // CNNVD: CNNVD-201011-190 // NVD: CVE-2010-4008

REFERENCES

url:http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

Trust: 2.0

url:http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/

Trust: 2.0

url:http://rhn.redhat.com/errata/rhsa-2013-0217.html

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011/mar/msg00006.html

Trust: 1.8

url:http://support.apple.com/kb/ht4554

Trust: 1.8

url:http://support.apple.com/kb/ht4566

Trust: 1.8

url:http://support.apple.com/kb/ht4581

Trust: 1.8

url:http://www.openoffice.org/security/cves/cve-2010-4008_cve-2010-4494.html

Trust: 1.8

url:http://www.redhat.com/support/errata/rhsa-2011-1749.html

Trust: 1.8

url:http://secunia.com/advisories/40775

Trust: 1.8

url:http://www.vupen.com/english/advisories/2011/0230

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html

Trust: 1.7

url:http://www.securityfocus.com/bid/44779

Trust: 1.7

url:http://code.google.com/p/chromium/issues/detail?id=58731

Trust: 1.7

url:http://support.apple.com/kb/ht4456

Trust: 1.7

url:http://www.debian.org/security/2010/dsa-2128

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:243

Trust: 1.7

url:http://mail.gnome.org/archives/xml/2010-november/msg00015.html

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12148

Trust: 1.7

url:http://secunia.com/advisories/42109

Trust: 1.7

url:http://secunia.com/advisories/42175

Trust: 1.7

url:http://secunia.com/advisories/42314

Trust: 1.7

url:http://secunia.com/advisories/42429

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-1016-1

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3046

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3076

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3100

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=130331363227777&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=139447903326211&w=2

Trust: 1.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2010-4008

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-1944

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-0216

Trust: 0.4

url:http://www.xmlsoft.org/news.html

Trust: 0.3

url:http://xmlsoft.org/index.html

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100153798

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100158911

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21496070

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4008

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-4494

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2821

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3919

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3905

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=139447903326211&w=2

Trust: 0.2

url:http://code.google.com/p/chromium/issues/detail?id=63444

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-2834.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2010-4494.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-1944.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-2821.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2010-4008.html

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:http://bugzilla.redhat.com/

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-0216.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0841

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3905

Trust: 0.2

url:http://www.vmware.com/security/advisories

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1944

Trust: 0.2

url:http://kb.vmware.com/kb/1055

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3919

Trust: 0.2

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0216

Trust: 0.2

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2834

Trust: 0.2

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.2

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.2

url:http://marc.info/?l=bugtraq&m=130331363227777&w=2

Trust: 0.1

url:http://lists.apple.com/archives/security-announce/2011//mar/msg00003.html

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

Trust: 0.1

url:http://support.apple.com/kb/ht4564

Trust: 0.1

url:http://www.debian.org/security/2010/dsa-2137

Trust: 0.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-march/055775.html

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:260

Trust: 0.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11916

Trust: 0.1

url:http://secunia.com/advisories/42472

Trust: 0.1

url:http://secunia.com/advisories/42721

Trust: 0.1

url:http://secunia.com/advisories/42762

Trust: 0.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Trust: 0.1

url:http://www.vupen.com/english/advisories/2010/3319

Trust: 0.1

url:http://www.vupen.com/english/advisories/2010/3336

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2011-1749.html

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/42721/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42721

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/42721/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4494

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0841

Trust: 0.1

url:http://kb.vmware.com/kb/2020571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4348

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0028

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4348

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3191

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3191

Trust: 0.1

url:http://kb.vmware.com/kb/2013057

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-5134.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5134

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3102.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3919.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3905.html

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0841.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3102

Trust: 0.1

sources: VULHUB: VHN-46613 // VULHUB: VHN-47099 // BID: 44779 // PACKETSTORM: 96193 // PACKETSTORM: 107571 // PACKETSTORM: 97104 // PACKETSTORM: 114714 // PACKETSTORM: 112296 // PACKETSTORM: 119960 // CNNVD: CNNVD-201011-190 // NVD: CVE-2010-4008

CREDITS

Bui Quang Minh from Bkis

Trust: 0.3

sources: BID: 44779

SOURCES

db:VULHUBid:VHN-46613
db:VULHUBid:VHN-47099
db:BIDid:44779
db:PACKETSTORMid:96193
db:PACKETSTORMid:107571
db:PACKETSTORMid:97104
db:PACKETSTORMid:114714
db:PACKETSTORMid:112296
db:PACKETSTORMid:119960
db:CNNVDid:CNNVD-201011-190
db:NVDid:CVE-2010-4008

LAST UPDATE DATE

2024-11-07T20:38:00.312000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-46613date:2020-06-04T00:00:00
db:VULHUBid:VHN-47099date:2020-07-31T00:00:00
db:BIDid:44779date:2014-11-14T00:01:00
db:CNNVDid:CNNVD-201011-190date:2023-06-30T00:00:00
db:NVDid:CVE-2010-4008date:2020-06-04T20:31:44.427

SOURCES RELEASE DATE

db:VULHUBid:VHN-46613date:2010-11-17T00:00:00
db:VULHUBid:VHN-47099date:2010-12-07T00:00:00
db:BIDid:44779date:2010-11-08T00:00:00
db:PACKETSTORMid:96193date:2010-11-29T23:39:00
db:PACKETSTORMid:107571date:2011-12-07T01:01:26
db:PACKETSTORMid:97104date:2010-12-28T08:35:38
db:PACKETSTORMid:114714date:2012-07-13T04:58:06
db:PACKETSTORMid:112296date:2012-04-27T20:42:35
db:PACKETSTORMid:119960date:2013-02-01T03:30:19
db:CNNVDid:CNNVD-201011-190date:2010-11-18T00:00:00
db:NVDid:CVE-2010-4008date:2010-11-17T01:00:02.963